Information Security Management System: A Case Study of Employee Management

Introduction

A computer based network organisation works by communication/ transformation of information with the help of their employee. Therefore it is need to develop Information management system so that it is possible for an organisation to develop the process for getting right information to the right person at the right place and at the right time. It is possible in an organisation that some employees can reveal secret/sensitive information. So, there need to develop some policies and procedures for systematically managing an organisation’s sensitive data. It is necessary to manage data in proper way so that risk level with respect to secret/sensitive data should low. The goal of Information security management system should run an organisation smoothly and continuously by limiting the risk level very low. An ISMS mainly consists of (i) Human resource (HR) (ii) Organizational processes and procedures and (iii) Information and technologies. The key factors of ISMS are working on Data integrity, Availability and Confidentiality of information. (a)Data integrity: Access restriction and protection of data from unauthorized resources (b) Availability: Organizational information available to authorized resources without any issues. (c)Confidentiality: Protection of information from unauthorized resources. Employee management is the effort to help employee to their best. An organization always wants to take service from an employee with minimum cost expenditure and getting maximum profit. An employee has to do different types of tasks in Information Security Management System. [C.S.Park et al. 2010].To maintains information should be secure, the following criteria should be following with respect to employee in ISMS:-

• 1.

  Selection: Selection is initial stage of entry of employee in an organization. It is necessary to choose right person for doing right job so that ISMS can run properly.

• 2.

  Monitoring: The working process of an employee should be monitored. There should be some observation group for observing the whole process of employee and this will helpful manage performance of employee in ISMS.

• 3.

  Interaction: Employee should interact with each other properly and confidentially. The flow of information should be secure among employee so that ISMS can be implemented smoothly.

• 4.

  Reward: Employee should be rewarded with respect to their working ability and performance. This will work as catalyst among employee and organization performance will be tend in higher profit.

• 5.

  Discipline: The information of an organization will remain secure if some major disciplinary action against employee who is revealing information to unauthorized person. Role of an employee always plays an important role in an organization. An employee may leak all the information of an organization during working of job or after leaving the job.

The role of employee can greatly increase in maintaining a safe and secure environment after creating and maintaining an information security management. Achieving information security is huge challenge for an organization. There is needed to look ISMS from some mathematical methods so that information can be remaining secure for an organization. IoT platform can help organization to reduce cost through improved process efficiency, assets utilization and productivity. In an organization employee can connect, analyze, integrate and take active participation with the help of IoT based technology. To make an organization secure IoT based technology should be apply to serve auto Shift / roster management, Email/SMS notifications of employee’s attendance, automatically manages leave records of employees etc... Organization can establish their own policy for attendance, leave, ON duty, office time, and working place of employee and leave management system. The designing, developing, and maintaining and enabling the large technology to IoT system in an organization is quite complicated. In this paper some features related to security of information by the employee have discussed. As the devices of IoT interact and communicate with each other and do lot of task for an organization so it is required to discuss some security risk related from employee of an organization.